<?php
class Safe {
	/*public function __construct(){
		set_error_handler("self::customError",E_ERROR);
	}
	function customError($errno, $errstr, $errfile, $errline)
	{ 
		echo "<b>Error number:</b> [$errno],error on line $errline in $errfile<br />";
		die();
	}
	*/
	static public function check($filterPost=true){
		$referer=empty($_SERVER['HTTP_REFERER']) ? array() : array($_SERVER['HTTP_REFERER']);
		
		$SN = $_SERVER['SERVER_NAME'];
		$SN1=substr($_SERVER['HTTP_REFERER'], 7, strlen($_SERVER['SERVER_NAME']));
		$liwai=array('Paycenter','Fangshengchi');
		if ( $SN1!= $SN && $_SERVER['REQUEST_METHOD']=='POST' && $filterPost && !in_array(MODULE_NAME,$liwai)) exit();

		$getfilter="'|\b(alert|confirm|prompt)\b|<[^>]*?>|^\\+\/v(8|9)|\\b(and|or)\\b.+?(>|<|=|\\bin\\b|\\blike\\b)|\\/\\*.+?\\*\\/|<\\s*script\\b|\\bEXEC\\b|UNION.+?SELECT|UPDATE.+?SET|INSERT\\s+INTO.+?VALUES|(SELECT|DELETE).+?FROM|(CREATE|ALTER|DROP|TRUNCATE)\\s+(TABLE|DATABASE)";
		$postfilter="^\\+\/v(8|9)|\\b(and|or)\\b.{1,6}?(=|>|<|\\bin\\b|\\blike\\b)|\\/\\*.+?\\*\\/|<\\s*script\\b|<\\s*img\\b|\\bEXEC\\b|UNION.+?SELECT|UPDATE.+?SET|INSERT\\s+INTO.+?VALUES|(SELECT|DELETE).+?FROM|(CREATE|ALTER|DROP|TRUNCATE)\\s+(TABLE|DATABASE)";
		$cookiefilter="\\b(and|or)\\b.{1,6}?(=|>|<|\\bin\\b|\\blike\\b)|\\/\\*.+?\\*\\/|<\\s*script\\b|\\bEXEC\\b|UNION.+?SELECT|UPDATE.+?SET|INSERT\\s+INTO.+?VALUES|(SELECT|DELETE).+?FROM|(CREATE|ALTER|DROP|TRUNCATE)\\s+(TABLE|DATABASE)";
		//$ArrPGC=array_merge($_GET,$_POST,$_COOKIE);
		foreach($_GET as $key=>$value){ 
			return self::StopAttack($key,$value,$getfilter);
		}
		foreach($_POST as $key=>$value){ 
			return self::StopAttack($key,$value,$postfilter);
		}
		foreach($_COOKIE as $key=>$value){ 
			return self::StopAttack($key,$value,$cookiefilter);
		}
		foreach($referer as $key=>$value){ 
			return self::StopAttack($key,$value,$getfilter);
		}
	}
	static public function StopAttack($StrFiltKey,$StrFiltValue,$ArrFiltReq){  

		$StrFiltValue=self::arr_foreach($StrFiltValue);
		if (preg_match("/".$ArrFiltReq."/is",$StrFiltValue)==1){
			return array(
				'IP'	=>	get_client_ip(),
				'time'	=>	strftime("%Y-%m-%d %H:%M:%S"),
				'url'	=>	$_SERVER["PHP_SELF"],
				'METHOD'	=>$_SERVER["REQUEST_METHOD"],
				'param'	=>	$StrFiltKey,
				'data'	=>$StrFiltValue
			);
			//slog("<br><br>操作IP: ".$_SERVER["REMOTE_ADDR"]."<br>操作时间: ".strftime("%Y-%m-%d %H:%M:%S")."<br>操作页面:".$_SERVER["PHP_SELF"]."<br>提交方式: ".$_SERVER["REQUEST_METHOD"]."<br>提交参数: ".$StrFiltKey."<br>提交数据: ".$StrFiltValue);
			//self::error("您的提交带有不合法参数,谢谢合作!");
			exit();
		}
		if (preg_match("/".$ArrFiltReq."/is",$StrFiltKey)==1){   
			return array(
				'IP'	=>	get_client_ip(),
				'time'	=>	strftime("%Y-%m-%d %H:%M:%S"),
				'url'	=>	$_SERVER["PHP_SELF"],
				'METHOD'	=>$_SERVER["REQUEST_METHOD"],
				'param'	=>	$StrFiltKey,
				'data'	=>$StrFiltValue
			);
			//slog("<br><br>操作IP: ".$_SERVER["REMOTE_ADDR"]."<br>操作时间: ".strftime("%Y-%m-%d %H:%M:%S")."<br>操作页面:".$_SERVER["PHP_SELF"]."<br>提交方式: ".$_SERVER["REQUEST_METHOD"]."<br>提交参数: ".$StrFiltKey."<br>提交数据: ".$StrFiltValue);
			///self::error("您的提交带有不合法参数,谢谢合作!");
			exit();
		}  
	}

	static public function slog($logs)
	{
		$toppath=LOG_PATH."Safe.txt";
		$Ts=fopen($toppath,"a+");
		fputs($Ts,$logs."\r\n");
		fclose($Ts);
	}
	static public function arr_foreach($arr) {
		static $str;
		if (!is_array($arr)) {
			return $arr;
		}
		foreach ($arr as $key => $val ) {
			if (is_array($val)) {

				self::arr_foreach($val);
			} else {

			  $str[] = $val;
			}
		}
		return implode($str);
	}
}
?>